The majority of government-sponsored hacking now targets cell phones, not personal computers, according to researchers who say that political dissidents are especially targeted by totalitarian regimes around the world. Until 2015, most government-sponsored hacking operations were directed against the personal computers of targeted individuals. However, experts tellThe Wall Street Journal that as of this year cell phones have become a far more lucrative target than personal computers in government-sponsored hacking operations. Researchers with Lookout Mobile Security, a security software company based in the United States, say that detected phone-hacking operations that are believed to be sponsored by governments have increased by a factor of 10 in the first five months of this year, compared to 2015.

According to Lookout, the increase in hacking operations targeting mobile phones reflects the proliferation of smartphone usage around the world, as well as the increase in consumption of cell phone software. Government-sponsored hackers usually compromise their targets’ cell phones through malicious software disguised as cell phone applications. The Wall Street Journal also reports that the software needed to build malicious software for cell phones has become cheaper and more readily available. Compromising a target’s cell phone provides hackers with information that is far more personal and sensitive than what can be found on a personal computer. The paper quotes Mike Murray, Lookout’s vice president of security research, who says: “It is one thing to compromise someone’s computer. It’s another thing to have a listening device that they carry around with them 24 hours a day”. Compromised phones become immensely powerful espionage tools, explains Murray.

Many of the individuals whose cell phones are targeted by governments are activists or dissidents who campaign for political or economic reforms in their countries. Their cell phones are targeted in systematic hacking campaigns by countries like Ethiopia, the United Arab Emirates, Cambodia, and Mexico, said Lookout. The Wall Street Journal cites Raj Samani, chief scientist for the antivirus firm McAfee, who claims that nearly 11 percent of cell phones worldwide were infected with some kind of malware in 2017. That statistic is likely to rise significantly by the end of 2018, says Samani.

The Pakistani military is suspected of having orchestrated a lucrative intelligence collection campaign using mobile phones, which targeted diplomats from India, Israel and Australia, as well as from North Atlantic Treaty Organization (NATO) member countries such as the United States and Britain. Others targeted in the operation include officials from Iraq, Iran and the United Arab Emirates. News of the alleged spy operation was published earlier this month by Lookout Mobile Security, a security software company based in the United States.

The company said that the perpetrators of the operation managed to hack into a number of diplomats’ phones by creating a number of fake applications for Android and iOS mobile phone systems. The applications, called Tangelo (for iOS) and Stealth Mango (for Android), took control of mobile phone devices once their owners downloaded them through fake third-party app stores advertising online. According to Lookout, the two apps were designed by a consortium of freelance software developers who have close links with the Pakistani military establishment. The technical report published by Lookout points to the use of IP addresses that lead to a server housed in Pakistan’s Ministry of Education in the country’s capital, Islamabad. Lookout also said that it managed to trace the identity of the person who was the main developer of the two fake mobile phone applications. He is reportedly a full-time government employee who “moonlights as a mobile app developer”. The group that built the fake apps is known for creating legitimate apps, said Lookout, but also works for hire creating surveillanceware for mobile phone systems. In the past, the same group has been found to target military and civilian government officials in India, according to Lookout.

In its technical report, the Lookout security team describes how the Pakistani hackers collected a variety of data from their victims, by having it stealthily transmitted from compromised mobile phones to servers in Islamabad. The data included photos and videos, lists of contacts, logs of phone calls and texts, as well as detailed calendar entries. German and Australian diplomats had their travel plans stolen, and a letter from the United States Central Command to Afghanistan’s assistant minister of defense for intelligence was also acquired by the hackers. The latter also gained access to the contents of an entire database of pictures of traveler passports —many of them diplomatic— from the Kandahar International Airport in southern Afghanistan. The report said it was impossible to know for certain when Tangelo and Stealth Mango were first developed and utilized. However, the most recent version of the apps was released in April of this year.

The spy agency of Lebanon used a virus designed for the Android mobile operating system to compromise the cell phones of thousands of people in at least 20 countries, according to a new mobile security report. The 50-page report was published on Thursday by a team of researchers from Lookout, a mobile security company, and the Electronic Frontier Foundation in Washington, DC. In an accompanying press release, the researchers said that the virus, which they named Dark Caracal, has been in existence for at least six years. They added that it was traced to a building in Beirut belonging to the General Directorate of General Security (GDGS), Lebanon’s primary external intelligence agency.

According to the Lookout/EFF research team, the trojanized phone application was camouflaged as a secure messaging service, resembling popular applications like Signal or WhatsApp. However, once an Android user downloaded it, it gave remote users access to the compromised phone’s cameras and microphone, thus turning it into a bugging device. The virus also stole email and text messages, pins and passwords, lists of contacts, call logs, photographs, as well as video and audio recordings stored on the compromised device. The report states that compromised devices were found in over 20 countries, including Lebanon, France, Canada, the United States and Germany. The majority of those targeted by the virus were civilian and military officials of foreign governments, defense contractors, and employees of manufacturing companies, financial institutions and utility providers.

On Thursday, Reuters contacted Major General Abbas Ibrahim, who serves as director general of GDGS. He insisted that the GDGS is known for collecting intelligence using human sources, not cyber technologies. “General Security does not have these type[s] of capabilities. We wish we had these capabilities”, General Ibrahim told the news agency.